Open jobs Support
Apply now

Cyber Security Analyst (Senior)

2104
5 Jan, 2026 to 31 Aug, 2026
Stockholm (20% remote)

When applying for this consulting assignment, please ensure that you:

  • Fill out matrix in English (matris)
  • Attach an updated CV in English and in word-format.
  • State your fee


Role Description

The Governance, Risk, Compliance & Resilience (GRC-R) Officers on all levels play a key role in ensuring that the security posture of the organization remains strong, scalable, and aligned with business

goals. The GRC-R Officers four focuses are: governance to build a structured way of working with cyber security while achieving organizational objectives and improving security culture, risk management to

identify, address, assess, mitigate and follow-up on cyber security and technology risks, compliance to meet global and local laws, standards and other regulatory requirements within cyber security, and

resilience to ensure an ability to deliver intended outcomes despite experiencing challenging cyber events. The officers ensure that the cyber security best practices are applied consistently on H&M's global

market. They collaborate closely with other functions within the organization and continuously enhances our services and processes.

The GRC-R Officer is a high-level role. This position leads in developing and maintaining a comprehensive governance framework, managing cyber risks, ensuring compliance with global standards and

regulations, and strengthening resilience through business continuity and crisis management. With an advanced understanding of cyber security principles, the GRC-R Officer enforces to the strategic

direction and ensures its implementation across the organization.


Responsibilities

On a high-level leading in:

  • Develop and continuously improve the organization’s Governance, Risk, Compliance and
  • Resilience (GRC-R) frameworks within cyber security.
  • Ensure the governance structure and security steering documents are accessible, clearly
  • understood, and adopted across all levels of the organization.
  • Conduct and oversee comprehensive cyber risk assessments at both enterprise and
  • operational levels; maintain and regularly update central risk registers enabling riskinformed decision-making.
  • Develop audit and control testing schedules, and ensure systematic evaluation of
  • compliance levels and control effectiveness.
  • Support and guide the organization through security incidents and crisis events, identifying
  • root causes and presenting pragmatic, risk-based solutions.
  • Drive a culture of continuous improvement by identifying and introducing more effective
  • and efficient controls and processes across the cyber security domain.
  • Collaborate regularly with internal departments and external stakeholders, including thirdparty vendors, to manage cyber security risks and ensure alignment with internal standards
  • and contractual obligations.
  • Act as a visible ambassador for cyber security, making complex security topics
  • understandable and accessible to all employees.


Qualifications

  • Typically, 5+ years in cyber security
  • Typically, 7+ years in governance, risk management, compliance and/or resilience
  • Applicable educational background within GRC and/or information and cyber security (e.g. a university degree or
  • a diploma from a higher vocational education) or equivalent work experience
  • Good knowledge of regulatory compliance - preferable on a global market
  • Good knowledge of cyber security best practises and standards (e.g. ISO 27001, ISO 31000, ISO 22301, NIST
  • 800, C2M2, CMMC)
  • Proven track record in managing risk in a global enterprise
  • Experience designing, implementing and governing cyber security frameworks
  • Experience working with auditors and QSA's in security assessments and certification processes
  • Strong communication and collaboration skills
  • Experience from driving security awareness activities and building security culture
  • Proven skills in change management

Other qualifications/optional certification

• CISM, CISSP, CCISO or equivalent certification in information and cyber security

• ISO 27001 Certification (e.g. as Lead Implementor or Lead Auditor)

• Certification in Business Continuity Management (e.g. CBCP orISO 22301



Please note! We offer continuously. That means that we sometimes remove the assignments before deadline. If you are interested we recommend that you apply immediately.

logo